Use Foreman/Nagios/Icinga to make life easy…

Install nagios in Gentoo/CentOS

Gentoo

# emerge nagios

Option: recompile apache for php support

Add the USE flag “apache2” to /etc/portage/make.conf

# emerge --ask --changed-use --deep @world

Copy the following content to /etc/apache2/vhosts.d/

ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"
<Directory "/usr/lib64/nagios/cgi-bin">
#  SSLRequireSSL
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios/auth.users
    Require valid-user
</Directory>

Alias /nagios "/usr/share/nagios/htdocs"
<Directory "/usr/share/nagios/htdocs">
#  SSLRequireSSL
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios/auth.users
    Require user nagiosadmin
</Directory>

Create password for nagiosadmin

# htpasswd2 -c /etc/nagios/auth.users nagiosadmin

Add NAGIOS to apache config

/etc/conf.d/apache

APACHE2_OPTS="... -D NAGIOS -D PHP5"

Add user apache to the nagios group

# usermod -a -G nagios apache

Start service

# rc-service nagios restart
# rc-service apache2 restart

CentOS

# yum install "nagios*"
# htpasswd -c /etc/nagios/passwd admin
# chkconfig nagios on
# chkconfig httpd on
# service nagios start
# service httpd start

Add routers/hosts, add service, add hooks

Integrate with oVirt

using Foreman

Install

USE

Integrate with oVirt

TBD

KVM performance test, including peripheral virtual devices

I mean test, not profiling.

Virtual servers and virtual desktops should be evaluated against different criteria.

For a server:
response time, throughput, concurrency, utilization
For a desktop:
response time, video/audio latency, utilization

Tools we can use to test

CPU:

SPEC(open, but not free)
Unixbench
Super PI
Compile linux kernel
pcmark(not open, not free, but cracked can be found..)
ffmpeg convert

graphic:

3dmark

fs,hd:

hdparm
iozone
blogbench
dbench

net:

iperf

ram:

ramspeed

How to start

Initial host env: i5-3470, 8G, gentoo-linux-3.11+, qemu-1.6.0
Kernel parameters:

TBD

How to solve the ‘boot storm’ problem: BCACHE

Some solutions
Way 1. Add more cpus.(ABANDONED)
Way 2. Add a SSD as “boot cache”
Way 3. Sort the boot process

POC:
Way 2:
Sometimes we need to cache the boot section of the OS on an SSD. Since there is no SSD on hand, let’s try a block device created in /dev/shm.

Way 3:
Considering the parallelization of the “boot action”, we have to predict the actions in the near future.

Experiment:
Using BCACHE now…or flashcache

GPU Passthrough, VGA Passthrough in KVM

To inspire you, I’ve got a video from someone else. Better mute the volume, by the way.
Arch Linux KVM Crysis HD Gpu Passthrough
Or you can download it to see.
Download the video in HD

Here are the links I referred to:
http://thread.gmane.org/gmane.comp.emulators.kvm.devel/71981
https://bbs.archlinux.org/viewtopic.php?id=162768
https://docs.google.com/document/d/1ef_nfl652L0HLn_wGvnpgjsBJd9LZzaV_-rIcEEoK8Y/edit?pli=1
http://www.linux-kvm.org/page/VGA_device_assignment
http://www.linux-kvm.org/page/How_to_assign_devices_with_VT-d_in_KVM

Result:
VGAPassthrough: success in host F19, guest Windows7
GPUPassthrough: success in Fedora-Rawhide

HOST:
CPU: Core i5 3470
GPU: ATI HD Radeon 7850
OS: Fedora-Rawhide
QEMU: qemu-1.5.1
kvm-vgapassthrough
So, here are the steps

0. Enable the mainboard VT-x and IOMMU, and switch the video device to Intel HD

1. See what we have got now.

lspci;lspci -n

We get the output below

...
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Pitcairn PRO [Radeon HD 7850]
01:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cape Verde/Pitcairn HDMI Audio [Radeon HD 7700/7800 Series]
...
...
01:00.0 0300: 1002:6819
01:00.1 0403: 1002:aab0
...

You can see the PCI bus addresses and the vendor:device IDs.

2. Modify the kernel parameters, modprobe.d and libvirt’s qemu.conf

Add the following parameters to the kernel command line in grub.conf

intel_iommu=on pci-stub.ids=1002:6819,1002:aab0 vfio_iommu_type1.allow_unsafe_interrupts=1

NOTE: If you have an AMD CPU, replace “intel_iommu=on” with “iommu=pt iommu=1”
Add modprobe.conf to /etc/modprobe.d/ with this content:

blacklist radeon
options kvm ignore_msrs=1
options kvm allow_unsafe_interrupts=1
options kvm-amd npt=0
options kvm_intel emulate_invalid_guest_state=0
options vfio_iommu_type1 allow_unsafe_interrupts=1

Change the following options in /etc/libvirt/qemu.conf:

# The user ID for QEMU processes run by the system instance.
user = "root"

# The group ID for QEMU processes run by the system instance.
group = "root"

......

# If clear_emulator_capabilities is enabled, libvirt will drop all
# privileged capabilities of the QEmu/KVM emulator. This is enabled by
# default.
#
# Warning: Disabling this option means that a compromised guest can
# exploit the privileges and possibly do damage to the host.
#
clear_emulator_capabilities = 0

Reboot.

3. Use the scripts below

Version 1: VFIO-Passthrough

File: vfio-bind

#!/bin/bash
# Bind every device in the IOMMU group of each given PCI address to vfio-pci.
modprobe vfio-pci
for var in "$@"; do
        for dev in $(ls "/sys/bus/pci/devices/$var/iommu_group/devices"); do
                vendor=$(cat "/sys/bus/pci/devices/$dev/vendor")
                device=$(cat "/sys/bus/pci/devices/$dev/device")
                # Detach the current driver, if any, before handing the ID to vfio-pci
                if [ -e "/sys/bus/pci/devices/$dev/driver" ]; then
                        echo "$dev" > "/sys/bus/pci/devices/$dev/driver/unbind"
                fi
                echo "$vendor $device" > /sys/bus/pci/drivers/vfio-pci/new_id
        done
done

Bind the device

./vfio-bind 0000:01:00.0 0000:01:00.1
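
A check to run after vfio-bind, added here as an example and not part of the original scripts: it lists the driver bound to each device in the IOMMU group and fails unless all of them are on vfio-pci, which is the state vfio-bind aims for. The function names and the SYSFS_PCI override (used to point the check at a constructed directory tree) are assumptions of this example.

```bash
#!/bin/bash
# Added example: verify the result of vfio-bind for one PCI address.
# SYSFS_PCI defaults to the real sysfs path; override it to test on a constructed tree.
SYSFS_PCI="${SYSFS_PCI:-/sys/bus/pci/devices}"

# Print "<address> <driver>" for every device in the IOMMU group of $1.
iommu_group_drivers() {
    local bdf="$1" group="$SYSFS_PCI/$1/iommu_group/devices" dev drv
    if [ ! -d "$group" ]; then
        echo "no IOMMU group for $bdf (is the IOMMU enabled?)" >&2
        return 2
    fi
    for dev in "$group"/*; do
        dev=$(basename "$dev")
        if [ -e "$SYSFS_PCI/$dev/driver" ]; then
            # driver is a symlink to the driver directory; its last component is the name
            drv=$(basename "$(readlink "$SYSFS_PCI/$dev/driver")")
        else
            drv="(none)"
        fi
        echo "$dev $drv"
    done
}

# Return 0 only if every member of the group is bound to vfio-pci.
group_ready_for_vfio() {
    local out bad
    out=$(iommu_group_drivers "$1") || return 2
    bad=$(echo "$out" | awk '$2 != "vfio-pci"')
    [ -z "$bad" ] && return 0
    echo "not bound to vfio-pci:" >&2
    echo "$bad" >&2
    return 1
}

# Stand-alone use: ./iommu-check 0000:01:00.0
if [ "$#" -gt 0 ]; then
    group_ready_for_vfio "$1"
fi
```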

Start VM

#!/bin/bash
sudo modprobe vfio-pci

sudo qemu-system-x86_64 -no-user-config -nodefaults -m 2048M -smp 4 -boot menu=on \
-net nic -net user -enable-kvm -monitor stdio -vga qxl -global qxl-vga.vram_size=67108864 \
-spice port=6000,ipv4,disable-ticketing \
-device intel-hda,id=sound0,bus=pcie.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 \
-drive file=Windows7.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 \
-drive file=/home/lofyer/gpu_passthrough/f17.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads -device virtio-blk-pci,scsi=off,bus=pcie.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x8 \
-M q35 \
-device piix4-ide,bus=pcie.0 \
-device ioh3420,bus=pcie.0,addr=1c.0,multifunction=on,port=1,chassis=1,id=root.1 \
-device vfio-pci,host=01:00.0,bus=root.1,addr=00.0,multifunction=on,x-vga=on \
-device vfio-pci,host=01:00.1,bus=root.1,addr=00.1 \
-fda virtio.vfd

Version 2: PCI-Passthrough

Bind device

#!/bin/bash
modprobe pci-stub
for id in 6819 aab0; do
    echo 1002 $id > /sys/bus/pci/drivers/pci-stub/new_id
done
for pci in 0000:01:00.{0,1}; do
    echo $pci > "/sys/bus/pci/devices/$pci/driver/unbind"
    echo $pci > /sys/bus/pci/drivers/pci-stub/bind
done

Start VM

#!/bin/bash
qemu-system-x86_64 \
-hda ../f17.qcow2 \
-cdrom /run/media/lofyer/Cache/OS_ISO/cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso \
-m 2048 -balloon virtio -smp 4 -enable-kvm \
-device pci-assign,host=01:00.0

Something about curl — Connecting IPA Server using json as an example

With Arduino as a server.

What we want is to keep a cookie and build a HEADER

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

[P1]

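curl -e                               # -e <URL>: send <URL> as the Referer header
curl -H referer:whereicamefrom.com    # -H: add an arbitrary request header
curl -d @file.txt                     # -d @file: POST the contents of a file
curl -d "somecmd"                     # -d: POST the given data
curl --cookie                         # --cookie <name=value|file>: send cookies
curl -D                               # -D <file>: write the response headers to a file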

[P2]
Communicating with ipa server
https://git.fedorahosted.org/cgit/freeipa.git/tree/API.txt

Get ca.crt

# -k is needed only here: the CA certificate is not trusted yet when it is first downloaded
curl -k https://$YOURHOST/ipa/config/ca.crt > /tmp/ipa.ca.cert

Get sessionid

# No -k from here on: --cacert verifies the server against the downloaded CA certificate
sessid=$(curl -v \
-H referer:https://ipa.test.net/ipa/ui/index.html \
-H "Content-Type:application/x-www-form-urlencoded" \
-H "Accept:*/*" \
--negotiate -u : \
--cacert /tmp/ipa.ca.cert \
-d "user=admin" -d "password=12345678" \
-D cookie.txt \
-X POST \
https://ipa.test.net/ipa/session/login_password \
2>&1 | grep -o "ipa_session=[a-zA-Z0-9]*")

Post a json file with cmd in it

curl -v \
-H referer:https://ipa.test.net/ipa/ui/index.html \
-H "Content-Type:application/json" \
-H "Accept:application/json" \
--negotiate -u : \
--cacert /tmp/ipa.ca.cert \
--cookie "$sessid" \
-d @ipa.json \
-X POST \
https://ipa.test.net/ipa/session/json

Here’s a json file (two example requests; put one request in each file)

{
"method":"user_find",
"params":[
        [""],
        {"uid":"admin"}
        ],
"id":0
}

{
"method":"user_add",
"params":[
        [],
        {
         "uid":"test1",
         "cn":"cn",
         "givenname":"test1",
         "sn":"test1"
        }
        ],
"id":0
}
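
An added example, not from the original post: it takes the session cookie from the header dump that `curl -D` writes at login instead of grepping the verbose output, so it does not depend on the value matching [a-zA-Z0-9]* and it fails cleanly when the login set no cookie. The function names and the IPA_HOST and IPA_CA variables are assumptions of this example; the header dumps used to exercise it are constructed.

```bash
#!/bin/bash
# Added example: reuse the ipa_session cookie saved by `curl -D cookie.txt`.
# IPA_HOST and IPA_CA default to the values used in the commands above.
IPA_HOST="${IPA_HOST:-ipa.test.net}"
IPA_CA="${IPA_CA:-/tmp/ipa.ca.cert}"

# Print "ipa_session=<value>" from a header dump; exit non-zero if it has no such cookie.
ipa_session_cookie() {
    awk 'tolower($1) == "set-cookie:" && $2 ~ /^ipa_session=/ {
             sub(/\r$/, "")          # header lines end in CRLF
             sub(/;.*/, "", $2)      # drop the attribute separator after the value
             print $2
             found = 1
             exit
         }
         END { exit !found }' "$1"
}

# POST the JSON request file $2 using the cookie from header dump $1.
# The server certificate is verified against IPA_CA (no -k).
ipa_json_call() {
    local cookie
    cookie=$(ipa_session_cookie "$1") || {
        echo "no ipa_session cookie in $1 (login failed?)" >&2
        return 1
    }
    curl -sS --cacert "$IPA_CA" \
        -H "Referer: https://$IPA_HOST/ipa/ui/index.html" \
        -H "Content-Type: application/json" \
        -H "Accept: application/json" \
        --cookie "$cookie" \
        -d @"$2" \
        "https://$IPA_HOST/ipa/session/json"
}
```

After the login request, `ipa_json_call cookie.txt ipa.json` sends one request with the saved session.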

Git Exp.

Suppose you have a git server: you can use an existing git repository as your own working bare repository.

[On your own git server] Create a repo.
Clone an existing git repository.

$ git clone git@exist-server:exist.git

Make its master branch writable.

$ echo -e "[receive]\n\tdenyCurrentBranch = ignore" >> exist.git/.git/config

[On your client] Create a branch & make a change.
Clone exist.git as your own git-src, in which you can see the old commits and branches.

$ git clone git@your-server:exist.git
$ cd exist

We create a new branch based on its master.

$ git checkout -b mybranch
$ echo "Add README" > README
$ git add README
$ git commit -m "Add README in ROOT"

Since this is our first commit, we should push our branch to origin. Next time you can just type ‘git push’.

$ git push origin mybranch

[On your own git server] An update in master.
Let’s get some new commits.

$ git pull

Here we get something like this…
[figure: git2]

Now we get commit0 and commitA on mybranch, with commit0 and commit1 on branch master.
What we want is something like this.
[figure: git3]

[On your client] Merge commit1 to mybranch
Way 1. Just merge them from your own git server

$ git pull origin master

Way 2. Pull commit1 to local master, then rebase or merge it into mybranch
Merge:

$ git merge master

Rebase:

$ git rebase master

Final step:

$ git push


There’s a little difference between merge and rebase in the history.
Reference:
http://gitbook.liuhui998.com/4_2.html